William Genovese

Last updated

William Genovese is a former greyhat hacker turned security professional, who goes by the alias illwill.

Contents

History

In the early 2000s, Genovese was a former figure in a loose-knit group of computer hackers who called themselves illmob. illmob.org, that was a security community website ran by Genovese, which, at the time, had many high-profile incidents related to it. Genovese now works as a private security consultant involved in the computer security industry, doing penetration testing, phishing, OSINT threat intel, mitigation. He is also a contributor to the Metasploit project.

Website controversy

In 2003, Genovese's website was the first to release 0day code that exploited the MS03-026 Windows RPC vulnerability, which was later used by unknown hackers to create variants of the W32/Blaster Worm. [1] In response, Genovese released a tool he coded to remove the worm from infected Windows PC's. [2]

In 2004 [3] federal authorities charged Genovese with Theft of a Trade Secret (US Code Title 18, section 1832), for selling the incomplete WindowsNT/2000 Microsoft source code to Microsoft investigators and federal agents, even though the code sold was already widely distributed on the Internet prior to his sale. [4] Authorities used an obscure law enacted under the Economic Espionage Act of 1996, which had been traditionally adjudicated through private civil litigation.

In 2005, the illmob.org site had posted leaked images and phone book from Paris Hilton's [5] T-Mobile Sidekick phone that were obtained from a fellow hacker. [6] [7] Reportedly, the data was obtained by social engineering and exploiting a vulnerability in a BEA WebLogic Server database function that allowed an attacker to remotely read or replace any file on a system by feeding it a specially-crafted web request. BEA produced a patch for the bug in March 2003 which T-Mobile failed to apply. The website was also mentioned in news articles, in connection with Fred Durst's [8] sex tape leak which was stolen from his personal email account.

Hackerspace

From 2010 until his resignation in 2016, Genovese co-founded, and was a board member of a 501(3)(c) non-profit Hackerspace in Connecticut called NESIT, which he helped the local community by offering free classes on various network security topics, personal internet safety, reverse engineering, embedded electronic projects, 3-D Printing, and design. He helped build a virtualized pen-testing lab with a large server farm donation from a pharmaceutical company, where users can simulate attacking and penetrating machines in a safe lab environment.

Consulting

Since 2008, Genovese has reinvented himself as a security consultant, public speaker, and teacher. He does security consulting and performs penetration testing services for worldwide companies . He was also a co-founder and speaker at security conferences eXcon and BSides Connecticut (BSidesCT) in 2011, 2014, 2016, 2017, and 2018. In 2015 he was a panelist at DEF CON 23 in Las Vegas for a charity fundraiser to help a fellow hacker who was stricken with terminal cancer.

Related Research Articles

SQL Slammer is a 2003 computer worm that caused a denial of service on some Internet hosts and dramatically slowed general Internet traffic. It also crashed routers around the world, causing even more slowdowns. It spread rapidly, infecting most of its 75,000 victims within 10 minutes.

<span class="mw-page-title-main">Timeline of computer viruses and worms</span> Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

<span class="mw-page-title-main">Blaster (computer worm)</span> 2003 Windows computer worm

Blaster was a computer worm that spread on computers running operating systems Windows XP and Windows 2000 during August 2003.

Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems.

Sasser is a computer worm that affects computers running vulnerable versions of the Microsoft operating systems Windows XP and Windows 2000. Sasser spreads by exploiting the system through a vulnerable port. Thus it is particularly virulent in that it can spread without user intervention, but it is also easily stopped by a properly configured firewall or by downloading system updates from Windows Update. The specific hole Sasser exploits is documented by Microsoft in its MS04-011 bulletin, for which a patch had been released seventeen days earlier. The most characteristic experience of the worm is the shutdown timer that appears due to the worm crashing LSASS.

Agobot, also frequently known as Gaobot, is a family of computer worms. Axel "Ago" Gembe, a German programmer also known for leaking Half-Life 2 a year before release, was responsible for writing the first version. The Agobot source code describes it as: “a modular IRC bot for Win32 / Linux”. Agobot was released under version 2 of the GNU General Public License. Agobot is a multi-threaded and mostly object oriented program written in C++ as well as a small amount of assembly. Agobot is an example of a Botnet that requires little or no programming knowledge to use.

Bolgimo is a Win32 computer worm, a self-replicating computer program similar to a computer virus, which propagates by attempting to exploit unpatched Windows computers vulnerable to the DCOM RPC Interface Buffer Overrun Vulnerability using TCP port 445 on a network. The worm was discovered on November 10, 2003, and targets Windows NT, 2000 and XP Operating Systems.

Zotob is a computer worm which exploits security vulnerabilities in Microsoft operating systems like Windows 2000, including the MS05-039 plug-and-play vulnerability. This worm has been known to spread on Microsoft-ds or TCP port 445.

A security hacker or security researcher is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system weaknesses to assist in formulating defenses against potential hackers.

The Nimda virus is a malicious file-infecting computer worm.

Sub7, or SubSeven or Sub7Server, is a Trojan horse - more specifically a Remote Trojan Horse - program originally released in February 1999. Its name was derived by spelling NetBus backwards ("suBteN") and swapping "ten" with "seven". As of June 2021, the development of Sub7 is being continued.

<span class="mw-page-title-main">Storm Worm</span> Backdoor Trojan horse found in Windows

The Storm Worm is a phishing backdoor Trojan horse that affects computers using Microsoft operating systems, discovered on January 17, 2007. The worm is also known as:

<span class="mw-page-title-main">Conficker</span> Computer worm

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows OS software and dictionary attacks on administrator passwords to propagate while forming a botnet, and has been unusually difficult to counter because of its combined use of many advanced malware techniques. The Conficker worm infected millions of computers including government, business and home computers in over 190 countries, making it the largest known computer worm infection since the 2003 SQL Slammer worm.

Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, multiple independent news organizations recognize Stuxnet to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.

Duqu is a collection of computer malware discovered on 1 September 2011, thought by Kaspersky Labs to be related to the Stuxnet worm and to have been created by Unit 8200. Duqu has exploited Microsoft Windows's zero-day vulnerability. The Laboratory of Cryptography and System Security of the Budapest University of Technology and Economics in Hungary discovered the threat, analysed the malware, and wrote a 60-page report naming the threat Duqu. Duqu got its name from the prefix "~DQ" it gives to the names of files it creates.

<span class="mw-page-title-main">Iftach Ian Amit</span> Israeli Hacker

Iftach Ian Amit is an Israeli Hacker/computer security researcher and practitioner. He is one of the co-founders of the Tel Aviv DEF CON Group DC9723, the Penetration Testing Execution Standard, and presented at hacker conventions such as DEF CON, Black Hat, BlueHat, RSA Conference. He has been named SC Magazine's top experts and featured at Narratively's cover piece on Attack of the Superhackers and is frequently quoted and interviewed

<span class="mw-page-title-main">WannaCry ransomware attack</span> 2017 worldwide ransomware cyberattack

The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It was propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. While Microsoft had released patches previously to close the exploit, much of WannaCry's spread was from organizations that had not applied these, or were using older Windows systems that were past their end of life. These patches were imperative to cyber security, but many organizations did not apply them, citing a need for 24/7 operation, the risk of formerly working applications breaking because of the changes, lack of personnel or time to install them, or other reasons.

EternalBlue is a computer exploit software developed by the U.S. National Security Agency (NSA). It is based on a vulnerability in Microsoft Windows that allowed users to gain access to any number of computers connected to a network. The NSA knew about this vulnerability but did not disclose it to Microsoft for several years, since they planned to use it as a defense mechanism against cyber attacks. In 2017, the NSA discovered that the software was stolen by a group of hackers known as the Shadow Brokers. Microsoft was informed of this and released security updates in March 2017 patching the vulnerability. While this was happening, the hacker group attempted to auction off the software, but did not succeed in finding a buyer. EternalBlue was then publicly released on April 14, 2017.

<span class="mw-page-title-main">BlueKeep</span> Windows security hole

BlueKeep is a security vulnerability that was discovered in Microsoft's Remote Desktop Protocol (RDP) implementation, which allows for the possibility of remote code execution.

References

  1. Malware FAQ: What is W32/Blaster worm? | SANS
  2. Windows Dcom Worm Killer | Full-Disclosure Mail List
  3. Defendant: Microsoft source code sale was a setup | The Register
  4. Statement from Microsoft Regarding Illegal Posting of Windows2000 Source Code
  5. Paris Hilton's Sidekick hacked | The Register
  6. They'll Always Have Paris | Washington Post
  7. Hacker penetrates T-Mobile systems
  8. "Who Does Fred Durst Think He Is? - Blender". www.blender.com. Archived from the original on 30 March 2010. Retrieved 12 January 2022.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.